Security headlines you'll never read

News about successful hacks isn't news at all because no one is doing security right and everyone's been breached

Whenever I read another article about how Company X or University Y or Governmental Organization Z was "recently" hacked -- usually "by the Chinese" -- I can't help but chuckle. Those headlines -- the most recent about the U.S. Chamber of Commerce -- shouldn't read, "Company X was hacked!" They should read, "Company X has been hacked for years but just now noticed!"

Headlines that, to me, would truly be newsworthy include:

[ Also on "Chinese hack on U.S. Chamber of Commerce went undetected for 6 months" | Put a stop to corporate data leaks with Roger Grimes's "Data Loss Prevention Deep Dive" PDF expert guide, only from InfoWorld. ]

Stories about successful attacks are old news because everyone's already been hacked. You won't find a decent computer security expert who'll tell you otherwise. I'm dumbfounded by the fact that, despite the severity of the problem, we still aren't doing anything differently to protect ourselves.

How do these "uber" hackers pull off the types of attacks that make headlines? By exploiting unpatched software, taking advantage of poor passwords, targeting an application vulnerability, or duping one or more users into running something they shouldn't. It's a short and simple list, but apparently no one is taking the simple steps needed to protect themselves.

On a broader level, how bad does it have to be before we, as a society, demand that our leaders get together to fix the Internet already -- before a catastrophe occurs?

In this topsy-turvy world of default insecurity, headlines about successful attacks are old news. It's time to see news about how we're fixing the problem.

This story, "Security headlines you'll never read," was originally published at Keep up on the latest developments in network security and read more of Roger Grimes's Security Adviser blog at For the latest business technology news, follow on Twitter.

New! Download the State of Cybercrime 2017 report